
ldap-server authentication manager

Function

The ldap-server authentication manager command configures the administrator DN and password of an LDAP authentication server.

The undo ldap-server authentication manager command deletes the administrator DN and password of an LDAP authentication server.

By default, no administrator DN and password are configured for an LDAP authentication server.

Format

ldap-server authentication manager manager-dn [ password [ repassword ] ]

undo ldap-server authentication manager

Parameters

Parameter | Description | Value

manager-dn

Specifies the administrator DN of an LDAP authentication server.

When manager-dn does not contain spaces, the value is a string of 1 to 63 characters. When manager-dn contains spaces, the value is a string of 3 to 65 characters and must be enclosed in double quotation marks (""), for example, "cn=test manager,cn=users". In dual-device hot standby scenarios, the value cannot contain %.

This parameter must be used together with the ldap-server authentication manager-with-base-dn enable command. For example, if the administrator account is under Base DN example.com and belongs to the users group, set the administrator DN to either of the following values:
  • cn=administrator,cn=users if ldap-server authentication manager-with-base-dn enable is configured
  • cn=administrator,cn=users,dc=example,dc=com if undo ldap-server authentication manager-with-base-dn enable is configured
NOTE:
  • The value supports multiple languages, including ASCII characters such as English and non-ASCII characters such as Chinese, German, and French.
  • You can use a command editor of the GBK or UTF-8 encoding format to edit characters. For details about how to switch the encoding format of the system and related precautions, see the language character-set utf-8 command.
  • The encoding format used by the client through which users access the network needs to be the same as that used by the device. Otherwise, users may fail to go online or user names may be displayed as garbled characters.
  • After the encoding format is switched, if the user names of some users among the original online users contain non-ASCII characters, these user names are displayed as garbled characters.

password

Specifies the administrator password of an LDAP authentication server.

The value is a string of 1 to 31 characters in simple text or 68 characters in cipher text. The simple text string cannot contain & or ". The system saves this simple text string to the configuration file in cipher text. A simple text string of 1 to 16 characters is converted into a 48-byte cipher text string; a simple text string of 17 to 31 characters is converted into a 68-byte cipher text string.

NOTICE:

For security purposes, it is recommended that the administrator password meet the minimum complexity requirements. That is, it needs to contain at least three types of the following characters: uppercase letters, lowercase letters, digits (0 to 9), and special characters such as exclamation points (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%), and contain at least 8 characters.

repassword

Re-enters the administrator password.

The value must be the same as that of password.

Views

LDAP server template view

Default Level

3: Management level

Usage Guidelines

To configure the administrator DN and password of an LDAP authentication server, run the ldap-server authentication manager command. If the ldap-server authentication manager-anonymous enable command has been executed to allow anonymous access to the LDAP server, that anonymous access configuration is deleted when the ldap-server authentication manager command is run.

Example

# Set the administrator DN and password of an LDAP authentication server to dn and YsHsjx_202206, respectively.

<sysname> system-view
[sysname] ldap-server template temp1
[sysname-ldap-temp1] ldap-server authentication manager dn YsHsjx_202206
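
The limits listed under Parameters can be checked before a value is pushed to the device. The following Python sketch is an added example, not part of the product documentation; the function names are hypothetical, and it assumes that the 3 to 65 range counts the two quotation marks and that any ASCII punctuation counts as a special character.

```python
import string

def check_manager_dn(dn, base_dn="", with_base_dn=False, hot_standby=False):
    """Return problems found in a manager-dn value; an empty list means it fits."""
    problems = []
    if " " in dn:
        # Assumption: the 3-65 range counts the two enclosing quotation marks.
        if not 3 <= len(dn) + 2 <= 65:
            problems.append("quoted manager-dn must be 3 to 65 characters")
    elif not 1 <= len(dn) <= 63:
        problems.append("manager-dn must be 1 to 63 characters")
    if hot_standby and "%" in dn:
        problems.append("manager-dn cannot contain % in dual-device hot standby")
    # manager-with-base-dn enable: Base DN is left off; undo: full DN is required.
    suffix = "," + base_dn.lower()
    if base_dn and with_base_dn and dn.lower().endswith(suffix):
        problems.append("manager-dn already ends with the Base DN")
    if base_dn and not with_base_dn and not dn.lower().endswith(suffix):
        problems.append("manager-dn lacks the Base DN suffix")
    return problems

def check_password(pw):
    """Return (errors, warnings): errors break the documented limits,
    warnings fall short of the recommended complexity."""
    errors, warnings = [], []
    if not 1 <= len(pw) <= 31:
        errors.append("simple text password must be 1 to 31 characters")
    if "&" in pw or '"' in pw:
        errors.append('simple text password cannot contain & or "')
    classes = [
        any(c in string.ascii_uppercase for c in pw),
        any(c in string.ascii_lowercase for c in pw),
        any(c in string.digits for c in pw),
        # Assumption: any ASCII punctuation character counts as special.
        any(c in string.punctuation for c in pw),
    ]
    if len(pw) < 8 or sum(classes) < 3:
        warnings.append("below recommended complexity (8+ chars, 3 character types)")
    return errors, warnings

if __name__ == "__main__":
    # Values taken from the page's own examples.
    print(check_manager_dn("cn=administrator,cn=users", "dc=example,dc=com", True))
    print(check_password("YsHsjx_202206"))
```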
Copyright © Huawei Technologies Co., Ltd.